Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.9

    MEDIUM
    CVE-2025-58069

    The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software contains a hard-coded AES key used to protect the initial messages of a new KOPS session.... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Cryptography

  • 6.9

    MEDIUM
    CVE-2025-58354

    Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In Kata Containers versions from 3.20.0 and before, a malicious host can circumvent initdata verification. ... Read more

    Affected Products : runtime
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Misconfiguration

  • 7.6

    HIGH
    CVE-2025-59826

    Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, non-admin users can create arbitrary challenges, potentially introducing malicious, incorrect, or misleading content. This issue has been patched in version 2.2.0.... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Misconfiguration

  • 9.8

    CRITICAL
    CVE-2025-10147

    The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_as_original_file' function in all versions up to, and including, 4.2.6. This makes it possible for unauthenticated ... Read more

    Affected Products : podlove_podcast_publisher
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Misconfiguration

  • 5.0

    MEDIUM
    CVE-2024-21927

    Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish® API commands, causing service processes like OpenBMC to crash and reset, potentially resulti... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Denial of Service

  • 0.0

    NA
    CVE-2025-39876

    In the Linux kernel, the following vulnerability has been resolved: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() The function of_phy_find_device may return NULL, so we need to take care before dereferencing phy_dev.... Read more

    Affected Products : linux_kernel
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Misconfiguration

  • 5.0

    MEDIUM
    CVE-2024-21935

    Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish® API commands to remove files from the local root directory, potentially resulting in data corruption.... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Path Traversal

  • 6.7

    MEDIUM
    CVE-2025-54081

    Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.923.33222, the Windows service SunshineService is installed with an unquoted executable path. If Sunshine is installed in a directory whose name includes a space, the Service ... Read more

    Affected Products : sunshine
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Misconfiguration

  • 6.1

    MEDIUM
    CVE-2025-0209

    A reflected cross-site scripting (XSS) vulnerability exists in the account registration flow of WSO2 Identity Server due to improper output encoding. A malicious actor can exploit this vulnerability by injecting a crafted payload that is reflected in the ... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 8.3

    HIGH
    CVE-2025-1255

    Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.2.0 before 7.3.0.9.... Read more

    Affected Products : connext_professional
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 0.0

    NA
    CVE-2025-56146

    Indian Bank IndSMART Android App 3.8.1 is vulnerable to Missing SSL Certificate Validation in NuWebViewActivity.... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Misconfiguration

  • 8.3

    HIGH
    CVE-2025-4993

    Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation.This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before 6.1.2.27, from 6.0.0 befor... Read more

    Affected Products : connext_professional
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2025-41715

    The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Authentication

  • 8.2

    HIGH
    CVE-2025-21488

    Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Information Disclosure

  • 6.3

    MEDIUM
    CVE-2017-20200

    A vulnerability has been found in Coinomi up to 1.7.6. This issue affects some unknown processing. Such manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. This attack is characterized by high comple... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Information Disclosure

  • 4.8

    MEDIUM
    CVE-2025-4760

    An authenticated stored cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted A... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 3.3

    LOW
    CVE-2025-23346

    NVIDIA CUDA Toolkit contains a vulnerability in cuobjdump, where an unprivileged user can cause a NULL pointer dereference. A successful exploit of this vulnerability may lead to a limited denial of service.... Read more

    Affected Products : cuda_toolkit
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Denial of Service

  • 5.4

    MEDIUM
    CVE-2025-57407

    A stored cross-site scripting (XSS) vulnerability in the Admin Log Viewer of S-Cart <=10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browse... Read more

    Affected Products : s-cart
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Cross-Site Scripting

  • 6.7

    MEDIUM
    CVE-2025-5717

    An authenticated remote code execution (RCE) vulnerability exists in multiple WSO2 products due to improper input validation in the event processor admin service. A user with administrative access to the SOAP admin services can exploit this flaw by deploy... Read more

    Affected Products :
    • Published: Sep. 23, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Authentication

  • 7.8

    HIGH
    CVE-2025-27032

    memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.... Read more

    Affected Products :
    • Published: Sep. 24, 2025
    • Modified: Sep. 24, 2025
    • Vuln Type: Memory Corruption
Showing 20 of 4321 Results